{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-24239", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-01-17T00:00:45.007Z", "datePublished": "2025-03-31T22:24:11.191Z", "dateUpdated": "2026-04-02T18:25:07.527Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access protected user data"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data."}], "references": [{"url": "https://support.apple.com/en-us/122373"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:25:07.527Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-01T13:21:17.667265Z", "id": "CVE-2025-24239", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T13:22:04.502Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Apr/8"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:10:10.508Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Apr/8"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:10:10.508Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-24239", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-01T13:21:17.667265Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T04:15:51.652Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122373"}], "descriptions": [{"lang": "en", "value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access protected user data"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-03-31T22:24:11.191Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24239", "state": "PUBLISHED", "dateUpdated": "2025-11-03T21:10:10.508Z", "dateReserved": "2025-01-17T00:00:45.007Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-03-31T22:24:11.191Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3BD0A90-23F1-430A-8119-E14055F7E621", "versionEndExcluding": "15.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de degradaci\u00f3n con restricciones adicionales para la firma de c\u00f3digo. Este problema se solucion\u00f3 en macOS Sequoia 15.4. Una aplicaci\u00f3n podr\u00eda acceder a datos protegidos del usuario."}], "id": "CVE-2025-24239", "lastModified": "2025-11-03T22:18:34.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-31T23:15:21.157", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/122373"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/8"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T02:27:51.757566+00:00", "value": {"mitigation_remediation": ["Install macOS Sequoia 15.4 or later to apply the code\u2011signing restrictions added to the operating system.", "Update all installed applications to the latest signed releases to eliminate any lingering downgrade paths.", "Audit user\u2011level permissions for applications with elevated privileges, ensuring that only trusted apps have rights to access protected data."], "summary": {"action": "Apply Patch Immediately", "impact": "Data exposure to protected user data"}, "threat_synthesis": {"affected_systems": "The issue affects macOS overall, with the fix applied in macOS Sequoia 15.4. No specific sub\u2011versions are listed beyond the mention of Sequoia 15.4, so any earlier releases that did not include the additional code\u2011signing restrictions are considered vulnerable.", "description_and_impact": "A downgrade issue in macOS allowed an application to bypass newly implemented code\u2011signing restrictions, potentially granting the app access to user data that is normally protected. The vulnerability is mitigated in macOS Sequoia 15.4, and the description states that an app may be able to read protected data after exploitation. While the CVSS score of 6.5 indicates moderate severity, the EPSS is below 1%, meaning that active exploitation is currently rare but not impossible.", "risk_and_exploitability": "The CVSS score of 6.5 places the vulnerability in the medium severity range. The EPSS score of less than 1% suggests an extremely low probability of exploitation, and the vulnerability is not currently listed in the CISA KEV catalog. Inference based on the description points to a downgrade attack vector, where an attacker installs an older version of an application that does not comply with the updated signing requirements. Exploitation would allow the app to read protected user data, compromising confidentiality. The overall risk is moderate, but mitigation is recommended to prevent potential data exposure."}}}}, "created": "2026-04-28T02:30:18.744047+00:00", "title": "App Access to Protected User Data via Downgrade Issue", "updated": "2026-04-28T02:30:18.744058+00:00", "vendors": []}